Translated addresses and ports » History » Version 7

Yoann Vandoorselaere, 03/04/2016 09:40 AM

h1. Translated addresses and ports

h2. Aim:

Offer a way to identify translated addresses and ports.

Most formats offer a way to specify whether a given address or port is pre- or post-translation. IDMEF doesn't offer this possibility because the translation process is younger than IDMEF. However, since translation has become a common practice, it appears to be absolutely necessary to include this information in the format.

> *GH*: We could use Address.category

h2. Solution 1:

Add a translation enumeration to the Address class

|_.Impacted Class|_.Proposed Field|_.Type   |
|[[IDMEF_Node_Zoom|Address]]|Translation|no_translation
pre_translation
post_translation|

h3. Pros

* Backwards compatibility with existing implementations is maintained.

h3. Cons

h2. Solution 2:

Add some options to the category enumeration of the Address class

|_.Impacted Class|_.Proposed Field|_.Type   |
|[[IDMEF_Node_Zoom|Address]]|category|ipv4-addr-post-nat
ipv4-addr-pre-nat
ipv6-addr-post-nat
ipv6-addr-pre-nat|

h3. Pros

h3. Cons

* Adds options whose types overlap (an ipv4-addr-pre-nat is an ipv4-addr)

h2. Meetings:

+30/10/2015 Meeting+: This information is necessary. In order to avoid adding too many fields, we could use the category field from the Address class and update the related dictionary.

Comments HD/HV:
- To be discussed.
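
An added example (not part of the original page or of any IDMEF implementation) showing how a consumer could normalize both proposals into one (base category, translation state, address) form, and what the overlap noted under Solution 2 means for an existing consumer that matches on category "ipv4-addr". The XML attribute name @translation@ for Solution 1 is an assumption, and the sample message is constructed.

```python
import xml.etree.ElementTree as ET

# Solution 2 values from the page, split into (base category, translation state).
NAT_CATEGORIES = {
    "ipv4-addr-pre-nat": ("ipv4-addr", "pre_translation"),
    "ipv4-addr-post-nat": ("ipv4-addr", "post_translation"),
    "ipv6-addr-pre-nat": ("ipv6-addr", "pre_translation"),
    "ipv6-addr-post-nat": ("ipv6-addr", "post_translation"),
}
TRANSLATION_VALUES = {"no_translation", "pre_translation", "post_translation"}


def normalize_address(elem):
    """Return (base_category, translation, address) for one Address element.

    translation is None when the message carries no translation information.
    """
    category = elem.get("category", "unknown")  # "unknown" is the RFC 4765 default
    translation = elem.get("translation")  # assumed attribute name for Solution 1
    if translation is not None and translation not in TRANSLATION_VALUES:
        raise ValueError(f"unknown translation value: {translation!r}")
    if category in NAT_CATEGORIES:
        category, implied = NAT_CATEGORIES[category]
        if translation not in (None, implied):
            raise ValueError(f"category implies {implied}, attribute says {translation}")
        translation = implied
    return category, translation, (elem.findtext("address") or "").strip()


def normalize_node(xml_text):
    # ElementTree is fine for this constructed sample; parse untrusted IDMEF
    # with a hardened parser such as defusedxml.
    return [normalize_address(a) for a in ET.fromstring(xml_text).iter("Address")]


def naive_ipv4(xml_text):
    """What an existing consumer matching category == 'ipv4-addr' would see."""
    return [a.findtext("address") for a in ET.fromstring(xml_text).iter("Address")
            if a.get("category") == "ipv4-addr"]


# Constructed sample: legacy form, Solution 1 form, Solution 2 form.
SAMPLE = """<Node>
  <Address category="ipv4-addr"><address>192.0.2.10</address></Address>
  <Address category="ipv4-addr" translation="post_translation"><address>198.51.100.7</address></Address>
  <Address category="ipv4-addr-pre-nat"><address>10.0.0.5</address></Address>
</Node>"""
```

With this sample, @naive_ipv4@ returns only the first two addresses: an unmodified consumer still sees the Solution 1 address as IPv4 but silently skips the Solution 2 one.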